Exam 210-250
Understanding Cisco Cybersecurity Fundamentals
GUIDE
[ Total Questions: 65 ]
Question No : 1
Which type of exploit normally requires the culprit to have prior access to the target
system?
A. local exploit
B. denial of service
C. system vulnerability
D. remote exploit
Answer: A
Question No : 2
Which identifier is used to describe the application or process that submitted a log
message?
A. action
B. selector
C. priority
D. facility
Answer: D
Question No : 3
Which concern is important when monitoring NTP servers for abnormal levels of traffic?
Question No : 4 DRAG DROP
Drag the technology on the left to the data type the technology provides on the right.
Answer:
Explanation:
Tcpdump = full packet capture
netflow = session data
Traditional stateful firewall = connection event
Web content filtering = transaction data
Question No : 5
Which protocol is primarily supported by the third layer of the Open Systems
Interconnection reference model?
A. HTTP/TLS
B. IPv4/IPv6
C. TCP/UDP
D. ATM/MPLS
Answer: B
Question No : 6
A. application
B. Internet
C. link
D. transport
Answer: A
Question No : 7
A. NTP
B. DNS
C. HTTP
D. IMAP
E. SMTP
Answer: D,E
Question No : 8
Question No : 9
Answer: A
Question No : 10
Which two actions are valid uses of public key infrastructure? (Choose two.)
Answer: B,C
Question No : 11
In NetFlow records, which flags indicate that an HTTP connection was stopped by a
security appliance, like a firewall, before it could be built fully?
A. ACK
B. SYN ACK
C. RST
D. PSH, ACK
Answer: C
Question No : 12
Answer: D
Question No : 13
Which two features must a next generation firewall include? (Choose two.)
A. data mining
B. host-based antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system
Answer: C,E
Question No : 14
A. AES
B. CES
C. DES
D. 3DES
Answer: A
Question No : 15
Which protocol maps IP network addresses to MAC hardware addresses so that IP packets
can be sent across networks?
Answer: B
Question No : 16
A. The document is hashed and then the document is encrypted with the private key.
B. The document is hashed and then the hash is encrypted with the private key.
C. The document is encrypted and then the document is hashed with the public key
D. The document is hashed and then the document is encrypted with the public key.
Answer: B
Question No : 17
Which two terms are types of cross-site scripting attacks? (Choose two.)
A. directed
B. encoded
C. stored
D. reflected
E. cascaded
Answer: C,D
Question No : 18
Which network device is used to separate broadcast domains?
A. router
B. repeater
C. switch
D. bridge
Answer: A
Question No : 19
Based on which statement does the discretionary access control security model grant or
restrict access?
Answer: B
Question No : 20
A. symmetric
B. public
C. private
D. asymmetric
Answer: B
Question No : 21
Which two activities are examples of social engineering? (Choose two.)
Answer: A,D
Question No : 22
Which definition of the virtual address space for a Windows process is true?
Answer: B
Question No : 23
Which term represents the practice of giving employees only those permissions necessary
to perform their specific role within an organization?
A. integrity validation
B. due diligence
C. need to know
D. least privilege
Answer: D
Question No : 24
Which term represents the chronological record of how evidence was collected,
analyzed, preserved, and transferred?
A. chain of evidence
B. evidence chronology
C. chain of custody
D. record of safekeeping
Answer: C
Question No : 25
Which two tasks can be performed by analyzing the logs of a traditional stateful firewall?
(Choose two.)
Answer: A,D
Question No : 26
Which security monitoring data type is associated with application server logs?
A. alert data
B. statistical data
C. session data
D. transaction data
Answer: D
Question No : 27
Answer: A
Question No : 28
One of the objectives of information security is to protect the CIA of information and
systems. What does CIA mean in this context?
Answer: A
Question No : 29
According to RFC 1035 which transport protocol is recommended for use with DNS
queries?
Answer: D
Question No : 30
Which definition describes the main purpose of a Security Information and Event
Management solution?
Answer: D
Question No : 31
A. sustainability
B. integrity
C. confidentiality
D. availability
Answer: C
Question No : 32
Answer: B
Question No : 33
If a web server accepts input from the user and passes it to a bash shell, to which attack
method is it vulnerable?
A. input validation
B. hash collision
C. command injection
D. integer overflow
Answer: C
Question No : 34
A. SHA-512
B. RSA 4096
C. SHA-1
D. SHA-256
Answer: C
Question No : 35
A user reports difficulties accessing certain external web pages. When examining traffic to
and from the external domain in full packet captures, you notice many SYNs that have the
same sequence number, source, and destination IP address, but have different payloads.
Which problem is a possible explanation of this situation?
Answer: D
Question No : 36
A. exploit kit
B. root kit
C. vulnerability kit
D. script kiddie kit
Answer: A
Question No : 37
Refer to the exhibit. During an analysis this list of email attachments is found. Which files
contain the same content?
A. 1 and 4
B. 3 and 4
C. 1 and 3
D. 1 and 2
Answer: C
Question No : 38
For which reason can HTTPS traffic make security monitoring difficult?
A. encryption
B. large packet headers
C. Signature detection takes longer.
D. SSL interception
Answer: A
Question No : 39
Which directory is commonly used on Linux systems to store log files, including syslog and
apache access logs?
A. /etc/log
B. /root/log
C. /lib/log
D. /var/log
Answer: D
Question No : 40
Which term represents a weakness in a system that could lead to the system being
compromised?
A. vulnerability
B. threat
C. exploit
D. risk
Answer: A
Question No : 41
Answer: D
Question No : 42
A. running program
B. unit of execution that must be manually scheduled by the application
C. database that stores low-level settings for the OS and for certain applications
D. basic unit to which the operating system allocates processor time
Answer: A
Question No : 43
Answer: D
Drag the data source on the left to the correct data type on the right.
Answer:
Explanation:
Wireshark = full packet capture
Netflow = session data
Server log = Transaction data
IPS = alert data
Question No : 45
A. spear
B. whaling
C. mailbomb
D. hooking
E. mailnet
Answer: A,B
Question No : 46
While viewing packet capture data, you notice that one IP is sending and receiving traffic
for multiple devices by modifying the IP header. Which option is making this behavior
possible?
A. TOR
B. NAT
C. encapsulation
D. tunneling
Answer: B
Question No : 47
A. program used to detect and remove unwanted malicious software from the system
B. program that provides real time analysis of security alerts generated by
network hardware and application
C. program that scans a running application for vulnerabilities
D. rules that allow network traffic to go in and out
Answer: A
Question No : 48
A. replay
B. man-in-the-middle
C. dictionary
D. known-plaintext
Answer: B
Question No : 49
A. traffic fragmentation
B. resource exhaustion
C. timing attack
D. tunneling
Answer: B
Question No : 50
Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an
NTP server to overwhelm their target?
Answer: C
Question No : 51
A. MD5
B. RC4
C. SHA-3
D. SHA-2
Answer: A
Question No : 52
Which protocol is expected to have a user agent, host, and referrer headers in a
packet capture?
A. NTP
B. HTTP
C. DNS
D. SSH
Answer: B
Question No : 53
Answer: C
Question No : 54
Answer: A
Question No : 56
Which evasion method involves performing actions slower than normal to prevent
detection?
A. traffic fragmentation
B. tunneling
C. timing attack
D. resource exhaustion
Answer: C
Question No : 57
Which event occurs when a signature-based IDS encounters network traffic that triggers an
alert?
A. connection event
B. endpoint event
C. NetFlow event
D. intrusion event
Answer: D
Question No : 58
A. session data
B. application logs
C. network downtime
D. report full packet capture
Answer: A
Question No : 59
Which term describes the act of a user, without authority or permission, obtaining rights on
a system, beyond what were assigned?
A. authentication tunneling
B. administrative abuse
C. rights exploitation
D. privilege escalation
Answer: D
Question No : 60
Refer to the exhibit. A TFTP server has recently been installed in the Atlanta office.
The network administrator is located in the NY office and has attempted to make a
connection to the TFTP server. They are unable to back up the configuration file and
Cisco IOS of the NY router to the TFTP server. Which cause of this problem is true?
Answer: A
Question No : 61
Which term represents a potential danger that could take advantage of a weakness in a
system?
A. vulnerability
B. risk
C. threat
D. exploit
Answer: D
Question No : 62
Which security principle states that more than one person is required to perform a critical
task?
A. due diligence
B. separation of duties
C. need to know
D. least privilege
Answer: B
Question No : 63
You must create a vulnerability management framework. Which main purpose of this
framework is true?
Answer: C
Question No : 64
Answer: B
Question No : 65
Which security monitoring data type requires the most storage space?
Answer: A